11 matches found
CVE-2020-19049
Cross Site Scripting XSS in MyBB v1.8.20 allows remote attackers to inject arbitrary web script or HTML via the "Description" field found in the "Add New Forum" page by doing an authenticated POST HTTP request to '/Upload/admin/index.php?module=forum-management&action=add'...
CVE-2020-18467
Cross Site Scripting XSS vulnerabilty exists in BigTree-CMS 4.4.3 in the tag name field found in the Tags page under the General menu via a crafted website name by doing an authenticated POST HTTP request to admin/tags/create...
CVE-2020-18467
Cross Site Scripting XSS vulnerabilty exists in BigTree-CMS 4.4.3 in the tag name field found in the Tags page under the General menu via a crafted website name by doing an authenticated POST HTTP request to admin/tags/create...
Cross site scripting
Stored cross-site scripting XSS vulnerability in the Name of application field found in the General Configuration page in Rukovoditel 2.4.1 allows remote attackers to inject arbitrary web script or HTML via a crafted website name by doing an authenticated POST HTTP request to...
Cross site scripting
Cross Site Scripting XSS vulnerabilty exists in BigTree-CMS 4.4.3 in the tag name field found in the Tags page under the General menu via a crafted website name by doing an authenticated POST HTTP request to admin/tags/create...
CVE-2020-18469
Stored cross-site scripting XSS vulnerability in the Copyright Text field found in the Application page under the Configuration menu in Rukovoditel 2.4.1 allows remote attackers to inject arbitrary web script or HTML via a crafted website name by doing an authenticated POST HTTP request to...
CVE-2020-18467
Cross Site Scripting XSS vulnerabilty exists in BigTree-CMS 4.4.3 in the tag name field found in the Tags page under the General menu via a crafted website name by doing an authenticated POST HTTP request to admin/tags/create...
CVE-2021-36703
The "blog title" field in the "Settings" menu "config" page of "dashboard" in htmly 2.8.1 has a storage cross site scripting XSS vulnerability. It allows remote attackers to send an authenticated post HTTP request to admin/config and inject arbitrary web script or HTML through a special website...
Cross site scripting
The "blog title" field in the "Settings" menu "config" page of "dashboard" in htmly 2.8.1 has a storage cross site scripting XSS vulnerability. It allows remote attackers to send an authenticated post HTTP request to admin/config and inject arbitrary web script or HTML through a special website...
Cross site scripting
Stored cross-site scripting XSS vulnerability in the "Website's name" field found in the "Settings" page under the "General" menu in Creatiwity wityCMS 0.6.1 allows remote attackers to inject arbitrary web script or HTML via a crafted website name by doing an authenticated POST HTTP request to...
wityCMS 0.6.1 Cross Site Scripting
Exploit Title: wityCMS 0.6.1 Persistent XSS on "Website's name" field Date: 05/28/2018 Exploit Author: Nathu Nandwani Website: http://nandtech.co/ Vendor Homepage: https://creatiwity.net/witycms Software Link: https://github.com/Creatiwity/wityCMS/releases/tag/0.6.1 Version: 0.6.1 Tested on:...